Are we in a cyber awareness crisis?
"With three quarters (74 percent) reporting a material data loss in the past year, more than doubling the previous year (34 percent), and over half (56 percent) of all respondents citing human error as the leading vulnerability, this issue cannot be ignored.

Making training stick

Relying on sporadic training and occasional phishing simulations may achieve compliance and satisfy audit requirements, but doesn't lead to lasting behavior change, says Will Candrick, senior director analyst at Gartner."
"To improve cyber awareness, organizations need to move beyond box-ticking exercises and build engagement through relevance and creativity. This is the advice of Simon Backwell, a member of the Emerging Trends Working Group at professional association ISACA, and head of information security at software company Benefex. He advocates for interactive, rather than static training, where employees can explore why something was suspicious, as they learn by doing, rather than guessing the right answer and moving on."
CISOs report a sharp decline in employee understanding of security roles, falling from 84 percent to 57 percent year-on-year. Seventy-four percent reported a material data loss in the past year, up from 34 percent, and 56 percent identified human error as the leading vulnerability. Sporadic training and occasional phishing simulations often achieve compliance but fail to produce lasting behavior change. Organisations should move beyond box-ticking exercises to build engagement through relevance, creativity, and interactive learning. Creative formats such as audio-drama awareness courses can increase engagement and improve retention when people can learn by doing.
Read at IT Pro